From stdpp Require Import prelude. From Coq Require Import FinFun Rdefinitions FunctionalExtensionality. From VLSM Require Import Lib.Preamble Lib.ListExtras Lib.StdppListSet Lib.ListSetExtras Lib.Measurable. From VLSM Require Import Core.VLSM VLSMProjections Core.Composition Core.ProjectionTraces Core.SubProjectionTraces Core.MessageDependencies. From VLSM Require Import Core.Equivocation Core.Equivocation.NoEquivocation Core.Equivocation.FixedSetEquivocation Core.Equivocation.TraceWiseEquivocation.
Witnessed equivocation
Assuming that for every state s, there is
a trace ending in s whose equivocating_senders_in_trace are precisely
the equivocators of s (the WitnessedEquivocationCapability),
we can show that for each Free valid state there exists
a valid trace with the strong_trace_witnessing_equivocation_property,
i.e., a trace whose every prefix is a witness for its corresponding end state
(Lemma free_has_strong_trace_witnessing_equivocation_prop).
In particular, the set of equivocators is monotonically increasing for such a
trace (Lemma strong_witness_equivocating_validators_prefix_monotonicity).
Section witnessed_equivocation.

(* Section-wide parameters and assumptions. Everything stated in this section
   is relative to these; none of them is established here. *)
Context
  {message : Type}
  {MsgEqDec : EqDecision message}
  {index : Type}
  {IndEqDec : EqDecision index}
  (* One VLSM per index, all over the same message type. *)
  (IM : index -> VLSM message)
  {index_listing : list index}
  (* The index type is assumed to be finitely listed. *)
  (finite_index : Listing index_listing)
  (Hbs : forall i : index, HasBeenSentCapability (IM i))
  (Hbr : forall i : index, HasBeenReceivedCapability (IM i))
  (* Not an extra assumption: defined from the sent/received capabilities. *)
  (Hbo : forall i : index, HasBeenObservedCapability (IM i) := fun i => HasBeenObservedCapability_from_sent_received (IM i))
  {validator : Type}
  {ValEqDec : EqDecision validator}
  (* Maps each validator to an index of IM. *)
  (A : validator -> index)
  (* Attribution of messages to validators is partial (option): a message
     with [sender m = None] is attributed to no validator. *)
  (sender : message -> option validator)
  (* Free composition of the components, and the same machine pre-loaded with
     all messages; traces and validity below are taken in PreFree. *)
  (Free := free_composite_vlsm IM)
  (PreFree := pre_loaded_with_all_messages_vlsm Free)
  (Hbs_free : HasBeenSentCapability Free := free_composite_HasBeenSentCapability IM finite_index Hbs)
  (Hbr_free : HasBeenReceivedCapability Free := free_composite_HasBeenReceivedCapability IM finite_index Hbr)
  {measurable_V : Measurable validator}
  {threshold_V : ReachableThreshold validator}
  (* Decidability of the trace-wise equivocation relation is assumed. *)
  {is_equivocating_tracewise_no_has_been_sent_dec : RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)}
  {validator_listing : list validator}
  (finite_validator : Listing validator_listing)
  (* The BasicEquivocation instance used throughout is the one built by
     equivocation_dec_tracewise, and the local name equivocating_validators
     is pinned to that instance. *)
  (Htracewise_BasicEquivocation : BasicEquivocation (composite_state IM) validator := equivocation_dec_tracewise IM A sender finite_validator)
  (equivocating_validators := equivocating_validators (BasicEquivocation := Htracewise_BasicEquivocation))
  .

(* Register the derived capabilities of Free for instance resolution. *)
Existing Instance Hbs_free.
Existing Instance Hbr_free.
A trace witnesses the equivocation of its final state
s if its set of
equivocators is precisely that of the equivocating_validators of s.
(* [tr], started in [is], witnesses the equivocation of its last state [s]:
   a validator [v] is in [equivocating_validators s] exactly when some message
   [m] with [sender m = Some v] satisfies [equivocation_in_trace PreFree m tr].
   Only messages that [sender] attributes to a validator can contribute.
   The definition itself places no validity requirement on [tr]. *)
Definition trace_witnessing_equivocation_prop
  is tr
  (s := finite_trace_last is tr)
  : Prop :=
  forall v, v ∈ equivocating_validators s <->
    exists (m : message), (sender m = Some v) /\ equivocation_in_trace PreFree m tr.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
is: state
tr: list transition_item
Htr: trace_witnessing_equivocation_prop is tr
s:= finite_trace_last is tr: stateset_eq (equivocating_validators s) (equivocating_senders_in_trace IM sender tr)split; intros v Hv; [apply Htr in Hv| apply Htr] ; [apply elem_of_equivocating_senders_in_trace| apply elem_of_equivocating_senders_in_trace in Hv] ; assumption. Qed.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
is: state
tr: list transition_item
Htr: trace_witnessing_equivocation_prop is tr
s:= finite_trace_last is tr: stateset_eq (equivocating_validators s) (equivocating_senders_in_trace IM sender tr)
A composition of VLSMs has the witnessed equivocation capability if, for every
valid state, there exists a trace leading to that state which witnesses its equivocation.
(* The witnessed-equivocation assumption, packaged as a type class: every
   state valid in PreFree is reached, from some initial state [is], by a
   trace [tr] that is valid in PreFree and satisfies
   [trace_witnessing_equivocation_prop]. The class only states this
   requirement; an instance has to be provided by whoever uses the results. *)
Class WitnessedEquivocationCapability :=
  { is_equivocating_tracewise_witness :
      forall s, valid_state_prop PreFree s ->
      exists is tr, finite_valid_trace_init_to PreFree is s tr /\ trace_witnessing_equivocation_prop is tr
  }.

Section witnessed_equivocation_properties.

(* Hypotheses of this subsection: the capability above and
   [sender_safety_alt_prop] for IM, A and sender. *)
Context
  (Hke : WitnessedEquivocationCapability)
  (Hsender_safety : sender_safety_alt_prop IM A sender)
  .
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM strace_witnessing_equivocation_prop s []message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM strace_witnessing_equivocation_prop s []message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []trace_witnessing_equivocation_prop s []message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validatorv ∈ equivocating_validators (finite_trace_last s []) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m [])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validatorv ∈ equivocating_validators (List.last (map destination []) s) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m [])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validatorv ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m [])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validatorv ∈ [] ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m [])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validatorv ∈ [] ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m [])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validator(∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m []) → v ∈ []message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validator
m: message
Hm: equivocation_in_trace PreFree m []v ∈ []assumption. Qed.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: composite_state IM
Hs: composite_initial_state_prop IM s
Hempty: Equivocation.equivocating_validators s = []
v: validator
m: message
Hm: equivocation_in_trace PreFree m []equivocation_in_trace PreFree m []
For any trace having the trace_witnessing_equivocation_property,
its final transition is monotonic w.r.t. the equivocating_validators.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: stateequivocating_validators s ⊆ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: stateequivocating_validators s ⊆ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
v: validator
Hv: v ∈ equivocating_validators sv ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (finite_trace_last is (tr ++ [item])) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
Hv: v ∈ equivocating_validators sv ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
Hv: v ∈ equivocating_validators sv ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
Hv: v ∈ equivocating_validators s∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s v∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m tr∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m trsender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m trequivocation_in_trace PreFree m (tr ++ [item])assumption. Qed.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
v: validator
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))
s':= destination item: state
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m trequivocation_in_trace PreFree m tr
Given a trace with the trace_witnessing_equivocation_property,
if the equivocating_validators for the destination of its last transition
are included in the equivocating_validators for the source of its last
transition, then the trace without its last transition also has the
trace_witnessing_equivocation_property.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
Hincl: equivocating_validators s' ⊆ equivocating_validators strace_witnessing_equivocation_prop is trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
Hincl: equivocating_validators s' ⊆ equivocating_validators strace_witnessing_equivocation_prop is trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
Hincl: equivocating_validators s' ⊆ equivocating_validators strace_witnessing_equivocation_prop is trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
Hincl: equivocating_validators s' ⊆ equivocating_validators strace_witnessing_equivocation_prop is trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: state
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validatorv ∈ equivocating_validators (finite_trace_last is tr) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: v ∈ equivocating_validators s∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trv ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: v ∈ equivocating_validators s∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: is_equivocating_tracewise_no_has_been_sent IM A sender s v∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trassumption.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m tr∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trv ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trv ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr
Hwitness: v ∈ equivocating_validators (finite_trace_last is (tr ++ [item])) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))v ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))v ∈ equivocating_validators s'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
H: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
msg: message
Hsender: sender msg = Some v
Heqv: equivocation_in_trace PreFree msg tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
msg: message
Hsender: sender msg = Some v
Heqv: equivocation_in_trace PreFree msg tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))sender msg = Some v ∧ equivocation_in_trace PreFree msg (tr ++ [item])message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
msg: message
Hsender: sender msg = Some v
Heqv: equivocation_in_trace PreFree msg tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))equivocation_in_trace PreFree msg (tr ++ [item])assumption. Qed.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
item: composite_transition_item IM
s':= destination item: _composite_state IM
Hincl: equivocating_validators s' ⊆ equivocating_validators s
v: validator
msg: message
Hsender: sender msg = Some v
Heqv: equivocation_in_trace PreFree msg tr
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item]))equivocation_in_trace PreFree msg tr
An equivocator for the destination of a transition is either an equivocator
for the source as well, or it is the sender of the received message and that
message is not sent in any equivocation-witnessing trace ending in the source of the transition.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validatorv ∈ equivocating_validators s' → v ∈ equivocating_validators s ∨ (∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr))message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validatorv ∈ equivocating_validators s' → v ∈ equivocating_validators s ∨ (∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr))message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validator
Hv: v ∈ equivocating_validators s'v ∈ equivocating_validators s ∨ (∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr))message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validator
Hv: v ∈ equivocating_validators s'
Hnv: v ∉ equivocating_validators sv ∈ equivocating_validators s ∨ (∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr))message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validator
Hv: v ∈ equivocating_validators s'
Hnv: v ∉ equivocating_validators s∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
om: option message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, om) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: option_bind message validator sender om = Some v∃ m : message, om = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr)message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
============================
Some m = Some m ∧ sender m = Some v ∧ (∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
============================
∀ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
tr: list transition_item
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
Hv: is_equivocating_tracewise_no_has_been_sent IM A sender s' v
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
tr: list transition_item
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
Hv: ∃ m0 : message, sender m0 = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m0 (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix: list transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix: list transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ [item]
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = []
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix: list transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ [item]
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = []
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix: list transition_item
Heq: tr = prefix ∧ {| l := l; input := Some m; destination := s'; output := om' |} = item
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = []
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
m': message
Hm': sender m' = Some v
prefix: list transition_item
Heqv: input {| l := l; input := Some m; destination := s'; output := om' |} = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s prefix
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (prefix ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is prefix
============================
¬ trace_has_message (field_selector output) m prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
m': message
Hm': sender m' = Some v
prefix: list transition_item
Heqv: Some m = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s prefix
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (prefix ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is prefix
============================
¬ trace_has_message (field_selector output) m prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
m': message
Hm': sender m' = Some v
prefix: list transition_item
Heq_m: Some m = Some m'
Heqv: ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s prefix
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (prefix ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is prefix
============================
¬ trace_has_message (field_selector output) m prefix

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
m': message
Hm': sender m' = Some v
prefix: list transition_item
Heq_m: Some m = Some m'
Heqv: ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s prefix
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (prefix ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is prefix
H0: m = m'
============================
¬ trace_has_message (field_selector output) m' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
============================
¬ trace_has_message (field_selector output) m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is tr
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']v ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators (finite_trace_last is tr) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)v ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators (finite_trace_last is tr) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)v ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators (finite_trace_last is tr) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)v ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)v ∈ equivocating_validators smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)sender m' = Some v ∧ equivocation_in_trace PreFree m' trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)equivocation_in_trace PreFree m' trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)tr = prefix ++ item :: suffix' ∧ input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefixmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ item :: suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)tr = prefix ++ item :: suffix'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = prefix ++ [item] ++ suffix' ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)tr = prefix ++ item :: suffix'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}] = ((prefix ++ [item]) ++ suffix') ++ [item']
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)tr = prefix ++ item :: suffix'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr = (prefix ++ [item]) ++ suffix' ∧ {| l := l; input := Some m; destination := s'; output := om' |} = item'
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)
tr = prefix ++ item :: suffix'
apply Heq. Qed.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
l: label
s: state
m: message
s': state
om': option message
Ht: input_valid_transition PreFree l (s, Some m) (s', om')
v: validator
tr: list transition_item
m': message
Hm': sender m' = Some v
prefix: list transition_item
item: transition_item
suffix, suffix': list transition_item
item': transition_item
Heq: tr = prefix ++ [item] ++ suffix' ∧ {| l := l; input := Some m; destination := s'; output := om' |} = item'
Heqv: input item = Some m' ∧ ¬ trace_has_message (field_selector output) m' prefix
Hnv: v ∉ equivocating_validators s
Hom: sender m = Some v
is: state
Htr: finite_valid_trace_from_to PreFree is s tr
Hs: finite_trace_last is tr = s
Hinit: initial_state_prop is
Htr': finite_valid_trace_from_to PreFree is s' (tr ++ [{| l := l; input := Some m; destination := s'; output := om' |}])
Heqsuffix: suffix = suffix' ++ [item']
Hwitness: v ∈ equivocating_validators s ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr)tr = prefix ++ item :: suffix'
Given a non-empty trace with the trace_witnessing_equivocation_property,
there are two disjoint possibilities concerning its last transition:
(1) either it preserves the set of equivocating_validators and, in that case,
the trace without the last transition has the
trace_witnessing_equivocation_property as well; or
(2) the set of equivocating_validators of its destination is obtained
by adding the sender of the message received in the transition to the
set of equivocating_validators of its source and, in that case, that message
is not sent in any trace witnessing the source of the transition.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr_item: finite_valid_trace_init_to PreFree is s' (tr ++ [item])
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr_item: finite_valid_trace_init_to PreFree is s' (tr ++ [item])
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is s' (tr ++ [item])
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr) s' [item]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr) s' [item]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
Htl: finite_valid_trace_from_to PreFree s' s' []
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s:= finite_trace_last is tr: state
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
set_eq (equivocating_validators (finite_trace_last is tr)) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators (finite_trace_last is tr)) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr))) ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
Hincl: equivocating_validators (finite_trace_last is tr) ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
set_eq (equivocating_validators (finite_trace_last is tr)) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators (finite_trace_last is tr)) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr))) ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
Hincl: equivocating_validators (finite_trace_last is tr) ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Hreflect: option_bind message validator sender om = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators (finite_trace_last is tr)) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators (finite_trace_last is tr)) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr))) ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Hreflect: option_bind message validator sender om = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
v: validator
Heq_v: option_bind message validator sender om = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: None = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
v: validator
Heq_v: option_bind message validator sender om = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: option_bind message validator sender (Some m) = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m0 : message, Some m = Some m0 ∧ (∃ v : validator, sender m0 = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m0 : message, Some m = Some m0 ∧ (∃ v : validator, sender m0 = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
s0: set_eq (equivocating_validators s) (equivocating_validators s')
============================
trace_witnessing_equivocation_prop is tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m0 : message, Some m = Some m0 ∧ (∃ v : validator, sender m0 = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
s0: set_eq (equivocating_validators s) (equivocating_validators s')
============================
trace_witnessing_equivocation_prop is tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
s0: set_eq (equivocating_validators s) (equivocating_validators s')
============================
equivocating_validators (destination item) ⊆ equivocating_validators (finite_trace_last is tr)

apply s0.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
Hincl: equivocating_validators (finite_trace_last is tr) ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
s0: set_eq (equivocating_validators (finite_trace_last is tr)) (equivocating_validators s')
============================
equivocating_validators (destination item) ⊆ equivocating_validators (finite_trace_last is tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m0 : message, Some m = Some m0 ∧ (∃ v : validator, sender m0 = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr)))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
∃ m0 : message, Some m = Some m0 ∧ (∃ v : validator, sender m0 = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m0 tr))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : state) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
∃ v : validator, v ∈ equivocating_validators s' ∧ v ∉ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Hv: ∃ v : validator, v ∈ equivocating_validators s' ∧ v ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
∃ v : validator, v ∈ equivocating_validators s' ∧ v ∉ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
Exists (λ x : validator, x ∉ equivocating_validators s) (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
============================
¬ Forall (λ x : validator, x ∈ equivocating_validators s) (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
all: Forall (λ x : validator, x ∈ equivocating_validators s) (equivocating_validators s')
============================
False

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
all: Forall (λ x : validator, x ∈ equivocating_validators s) (equivocating_validators s')
============================
set_eq (equivocating_validators s) (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
all: Forall (λ x : validator, x ∈ equivocating_validators s) (equivocating_validators s')
============================
equivocating_validators s' ⊆ equivocating_validators s

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
all: ∀ x : validator, x ∈ equivocating_validators s' → x ∈ equivocating_validators s
============================
equivocating_validators s' ⊆ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Hv: ∃ v : validator, v ∈ equivocating_validators s' ∧ v ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
Hneqv: v' ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
Heq_v': v' ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v' ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Hneqv: v' ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
_m: message
Heq_m: Some m = Some _m
Heq_v': sender _m = Some v'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) _m tr0
Hneqv: v' ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
_m: message
Heq_m: Some m = Some _m
Heq_v': sender _m = Some v'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) _m tr0
Hneqv: v' ∉ equivocating_validators s
H0: m = _m
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) _m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Heq_v': sender m = Some v'
Heq_m: Some m = Some m
Hneqv: v' ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Heq_v': sender m = Some v'
Hneqv: v' ∉ equivocating_validators s
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
v': validator
Heqv: v' ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Heq_v': sender m = Some v'
Hneqv: v' ∉ equivocating_validators s
H: v' = v
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
Heq_v': sender m = Some v
============================
(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s

(v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s

set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s

set_eq (equivocating_validators s') (set_add v (equivocating_validators s))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ equivocating_validators s'

v' ∈ set_add v (equivocating_validators s)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ set_add v (equivocating_validators s)

v' ∈ equivocating_validators s'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ equivocating_validators s'

v' ∈ set_add v (equivocating_validators s)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ equivocating_validators s'
n0: v' ∉ equivocating_validators s

v' ∈ set_add v (equivocating_validators s)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ equivocating_validators s'
n0: v' ∉ equivocating_validators s

v' = v

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v' ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
n0: v' ∉ equivocating_validators s

v' = v

congruence.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
_m: message
Heq_m: Some m = Some _m
Heq_v': sender _m = Some v'
n0: v' ∉ equivocating_validators s

v' = v

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hv': v' ∈ set_add v (equivocating_validators s)

v' ∈ equivocating_validators s'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hs'0: v' ∈ equivocating_validators s
v' ∈ equivocating_validators s'
assumption.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
m: message
s': composite_state IM
om': option message
item:= {| l := l; input := Some m; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, Some m) (s', om')
v: validator
Heq_v: sender m = Some v
Hreflect: Some v = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
n: ¬ set_eq (equivocating_validators s) (equivocating_validators s')
Honly_v: ∀ v : validator, v ∈ equivocating_validators s' → v ∈ equivocating_validators (finite_trace_last is tr) ∨ (∃ m0 : message, Some m = Some m0 ∧ sender m0 = Some v ∧ (∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m0 tr0))
Heqv: v ∈ equivocating_validators s'
Hweqv: ∀ (is0 : _composite_state IM) (tr0 : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr) tr0 → trace_witnessing_equivocation_prop is0 tr0 → ¬ trace_has_message (field_selector output) m tr0
Hneqv: v ∉ equivocating_validators s
v': validator
Hs'0: v' ∈ equivocating_validators s
v' ∈ equivocating_validators s
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: None = None → Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr ∨ (∃ m : message, om = Some m ∧ (∃ v : validator, sender m = Some v ∧ (v ∉ equivocating_validators s) ∧ set_eq (equivocating_validators s') (set_add v (equivocating_validators s)) ∧ (∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) m tr)))
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s') ∧ trace_witnessing_equivocation_prop is tr
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s')
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
trace_witnessing_equivocation_prop is tr
split; subst; assumption.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
set_eq (equivocating_validators s) (equivocating_validators s')
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
trace_witnessing_equivocation_prop is tr
apply Hreflect. Qed.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: composite_state IM
tr: list (composite_transition_item IM)
l: composite_label IM
om: option message
s': composite_state IM
om': option message
item:= {| l := l; input := om; destination := s'; output := om' |}: transition_item
Htr: finite_valid_trace_from_to PreFree is (finite_trace_last is tr) tr
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr ++ [item])
s: state
Heqs: s = finite_trace_last is tr
Hincl: equivocating_validators s ⊆ equivocating_validators (destination item)
Ht: input_valid_transition PreFree l (finite_trace_last is tr, om) (s', om')
Heq_v: option_bind message validator sender om = None
Hreflect: Equivocation.equivocating_validators s' ⊆ Equivocation.equivocating_validators (finite_trace_last is tr)
equivocating_validators (destination item) ⊆ equivocating_validators (finite_trace_last is tr)
A stronger trace_witnessing_equivocation_property requires that any
prefix of a trace is witnessing equivocation for its corresponding final state.
(* [strong_trace_witnessing_equivocation_prop is tr] holds when every [prefix]
   of [tr] (every list for which some [suffix] gives [prefix ++ suffix = tr])
   satisfies [trace_witnessing_equivocation_prop] with the same start state [is].
   Choosing [suffix = []] yields the property for [tr] itself. *)
Definition strong_trace_witnessing_equivocation_prop is tr :=
forall prefix suffix, prefix ++ suffix = tr ->
trace_witnessing_equivocation_prop is prefix.
An advantage of the strong_trace_witnessing_equivocation_property
is that it guarantees monotonicity of equivocating_validators along the trace.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is tr
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr
ps:= finite_trace_last is prefix: state
equivocating_validators ps ⊆ equivocating_validators s
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is tr
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr
ps:= finite_trace_last is prefix: state
equivocating_validators ps ⊆ equivocating_validators s
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is, s: composite_state IM
tr: list (composite_transition_item IM)
Htr: finite_valid_trace_init_to PreFree is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is tr
∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last is prefix in equivocating_validators ps ⊆ equivocating_validators s
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si: state
Hsi: initial_state_prop si
Hwitness: strong_trace_witnessing_equivocation_prop si []
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = []
ps:= finite_trace_last si prefix: state
equivocating_validators ps ⊆ equivocating_validators si
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]
ps:= finite_trace_last si prefix: state

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si: state
Hsi: initial_state_prop si
Hwitness: strong_trace_witnessing_equivocation_prop si []
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = []
ps:= finite_trace_last si prefix: state

equivocating_validators ps ⊆ equivocating_validators si

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si: state
Hsi: initial_state_prop si
Hwitness: strong_trace_witnessing_equivocation_prop si []
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix = [] ∧ suffix = []
ps:= finite_trace_last si prefix: state

equivocating_validators ps ⊆ equivocating_validators si

reflexivity.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si: state
Hsi: initial_state_prop si
Hwitness: strong_trace_witnessing_equivocation_prop si []
ps:= finite_trace_last si []: state

equivocating_validators ps ⊆ equivocating_validators si

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]
ps:= finite_trace_last si prefix: state

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state

strong_trace_witnessing_equivocation_prop si tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state

strong_trace_witnessing_equivocation_prop si tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state
pre, suf: list transition_item
Heq: pre ++ suf = tr

trace_witnessing_equivocation_prop si pre

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
pre, suf: list transition_item
Hwitness: pre ++ suf ++ [item] = tr ++ [item] → trace_witnessing_equivocation_prop si pre
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state
Heq: pre ++ suf = tr

trace_witnessing_equivocation_prop si pre

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
pre, suf: list transition_item
Hwitness: pre ++ suf ++ [item] = tr ++ [item] → trace_witnessing_equivocation_prop si pre
IHHtr: strong_trace_witnessing_equivocation_prop si tr → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state
Heq: pre ++ suf = tr

pre ++ suf ++ [item] = tr ++ [item]

apply app_assoc.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
pre, suf: list transition_item
IHHtr: strong_trace_witnessing_equivocation_prop si (pre ++ suf) → ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = pre ++ suf → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
sf: state
iom, oom: option message
l: label
Hwitness: pre ++ suf ++ [{| l := l; input := iom; destination := sf; output := oom |}] = (pre ++ suf) ++ [{| l := l; input := iom; destination := sf; output := oom |}] → trace_witnessing_equivocation_prop si pre
Htr: finite_valid_trace_init_to PreFree si s (pre ++ suf)
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = (pre ++ suf) ++ [{| l := l; input := iom; destination := sf; output := oom |}]
ps:= finite_trace_last si prefix: state

pre ++ suf ++ [{| l := l; input := iom; destination := sf; output := oom |}] = (pre ++ suf) ++ [{| l := l; input := iom; destination := sf; output := oom |}]

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ suffix = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ [] = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = []

equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
_item: composite_transition_item IM
Heqtr: prefix ++ suffix' ++ [_item] = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [_item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix ++ [] = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = []
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix: list (composite_transition_item IM)
Heqtr: prefix = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = []
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
ps:= finite_trace_last si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]): state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
============================
equivocating_validators (finite_trace_last si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])) ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
============================
equivocating_validators (destination {| l := l; input := iom; destination := sf; output := oom |}) ⊆ equivocating_validators sf

reflexivity.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
============================
equivocating_validators sf ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
_item: composite_transition_item IM
Heqtr: prefix ++ suffix' ++ [_item] = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [_item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
_item: composite_transition_item IM
Heqtr: (prefix ++ suffix') ++ [_item] = tr ++ [item]
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [_item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
_item: composite_transition_item IM
Heqtr: prefix ++ suffix' = tr ∧ _item = item
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [_item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
_item: composite_transition_item IM
Heqtr: prefix ++ suffix' = tr
Heq_item: _item = item
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [_item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: ∀ prefix suffix : list (composite_transition_item IM), prefix ++ suffix = tr → let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
============================
equivocating_validators ps ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: strong_trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
============================
equivocating_validators s ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: (tr ++ [item]) ++ [] = tr ++ [item] → trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
============================
equivocating_validators s ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: (tr ++ [item]) ++ [] = tr ++ [item] → trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
(tr ++ [item]) ++ [] = tr ++ [item]

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
Hwitness: trace_witnessing_equivocation_prop si (tr ++ [item])
equivocating_validators s ⊆ equivocating_validators sf

apply app_nil_r.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
Hwitness: (tr ++ [item]) ++ [] = tr ++ [item] → trace_witnessing_equivocation_prop si (tr ++ [item])
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
(tr ++ [item]) ++ [] = tr ++ [item]

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
Hwitness: trace_witnessing_equivocation_prop si (tr ++ [item])
equivocating_validators s ⊆ equivocating_validators sf

apply (equivocating_validators_witness_monotonicity _ _ _ Htr _ Hwitness). Qed.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition PreFree l (s, iom) (sf, oom)
item: transition_item
Heqitem: item = {| l := l; input := iom; destination := sf; output := oom |}
prefix, suffix, suffix': list (composite_transition_item IM)
Heqtr: prefix ++ suffix' = tr
ps:= finite_trace_last si prefix: state
IHHtr: let ps := finite_trace_last si prefix in equivocating_validators ps ⊆ equivocating_validators s
Heqsuffix: suffix = suffix' ++ [item]
Hwitness: trace_witnessing_equivocation_prop si (tr ++ [item])
equivocating_validators s ⊆ equivocating_validators (destination item)
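The next two lemmas show that the strong_trace_witnessing_equivocation_prop property
is preserved by a transition in each of the two cases yielded by Lemma
equivocating_validators_witness_last_char. They are used in the induction step of
the proof of Lemma preloaded_has_strong_trace_witnessing_equivocation_prop.
The first lemma treats the case in which the transition leaves the set of
equivocating validators unchanged (hypothesis Heq in the goals below).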
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
strong_trace_witnessing_equivocation_prop is' (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
strong_trace_witnessing_equivocation_prop is' (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ suffix = tr'' ++ [item]
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ [] = tr'' ++ [item]
Hsuffix_eq: suffix = []
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' ++ [sitem] = tr'' ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ [] = tr'' ++ [item]
Hsuffix_eq: suffix = []
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix: list transition_item
Heq_tr''_item: prefix = tr'' ++ [item]
Hsuffix_eq: suffix = []
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
trace_witnessing_equivocation_prop is' (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
v ∈ equivocating_validators (finite_trace_last is' (tr'' ++ [item])) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: tr'' ++ [] = tr'' → trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
v ∈ equivocating_validators (destination item) → ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
(∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])) → v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
v ∈ equivocating_validators (destination item) → ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
Hv: v ∈ equivocating_validators (destination item)
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
Hv: v ∈ equivocating_validators s
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
Hv: v ∈ equivocating_validators (finite_trace_last is' tr'')
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
Hv: ∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr''
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
equivocation_in_trace PreFree m (tr'' ++ [item])

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
equivocation_in_trace PreFree m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
============================
(∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr'' ++ [item])) → v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m (tr'' ++ [item])
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr'' ∨ input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
v ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
v ∈ equivocating_validators (finite_trace_last is' tr'')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m tr''

split; assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: equivocation_in_trace PreFree m tr''
============================
sender m = Some v ∧ equivocation_in_trace PreFree m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
============================
¬ trace_has_message (field_selector output) m tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
============================
¬ trace_has_message (field_selector output) m tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
============================
False

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
============================
trace_has_message (field_selector output) m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
============================
trace_has_message (field_selector output) m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m → selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
trace_has_message (field_selector output) m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m → selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
trace_has_message (field_selector output) m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m → selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_some_preloaded_traces Free (field_selector output) s m → selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
trace_has_message (field_selector output) m tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: selected_message_exists_in_all_preloaded_traces Free (field_selector output) s m
============================
trace_has_message (field_selector output) m tr''

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
Htr'_lst: valid_state_prop PreFree s
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': trace_has_message (field_selector output) m tr'
Hconsistency: trace_has_message (field_selector output) m tr''
============================
trace_has_message (field_selector output) m tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (finite_trace_last is (tr' ++ [item])) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
v ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hlst': finite_trace_last is' tr'' = s
item: transition_item
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr': list transition_item
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is' tr'') tr''
Htr': finite_valid_trace_init_to PreFree is (finite_trace_last is' tr'') tr'
item: transition_item
Heq: set_eq (equivocating_validators (finite_trace_last is' tr'')) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr': list transition_item
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is' tr'') tr''
Htr': finite_valid_trace_init_to PreFree is (finite_trace_last is' tr'') tr'
item: transition_item
Heq: set_eq (equivocating_validators (finite_trace_last is' tr'')) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr': list transition_item
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is' tr'') tr''
Htr': finite_valid_trace_init_to PreFree is (finite_trace_last is' tr'') tr'
item: transition_item
Heq: set_eq (equivocating_validators (finite_trace_last is' tr'')) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
equivocation_in_trace PreFree m (tr' ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr': list transition_item
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is' tr'') tr''
Htr': finite_valid_trace_init_to PreFree is (finite_trace_last is' tr'') tr'
item: transition_item
Heq: set_eq (equivocating_validators (finite_trace_last is' tr'')) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
tr' ++ [item] = tr' ++ [?Goal0] ∧ input ?Goal0 = Some m ∧ ¬ trace_has_message (field_selector output) m tr'

split; assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr': list transition_item
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is' tr'') tr''
Htr': finite_valid_trace_init_to PreFree is (finite_trace_last is' tr'') tr'
item: transition_item
Heq: set_eq (equivocating_validators (finite_trace_last is' tr'')) (equivocating_validators (destination item))
v: validator
Hprefix: trace_witnessing_equivocation_prop is' tr''
m: message
Hm: sender m = Some v
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr''
Heqv': ¬ trace_has_message (field_selector output) m tr'
Hwitness: v ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr' ++ [item]))
============================
input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' ++ [sitem] = tr'' ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: (prefix ++ suffix') ++ [sitem] = tr'' ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' = tr'' ∧ sitem = item
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is' prefix

apply (Hprefix _ _ Heq_tr''). Qed.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr': list transition_item
Htr': finite_valid_trace_init_to PreFree is s tr'
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hprefix: strong_trace_witnessing_equivocation_prop is' tr''
item: transition_item
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Heq: set_eq (equivocating_validators s) (equivocating_validators (destination item))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr'': prefix ++ suffix' = tr''
Heq_item: sitem = item
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
============================
strong_trace_witnessing_equivocation_prop is (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
============================
strong_trace_witnessing_equivocation_prop is (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ suffix = tr ++ [item]
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ [] = tr ++ [item]
Hsuffix_eq: suffix = []
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' ++ [sitem] = tr ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix: list transition_item
Heq_tr''_item: prefix ++ [] = tr ++ [item]
Hsuffix_eq: suffix = []
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix: list transition_item
Heq_tr''_item: prefix = tr ++ [item]
Hsuffix_eq: suffix = []
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
============================
trace_witnessing_equivocation_prop is (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
============================
v' ∈ equivocating_validators (finite_trace_last is (tr ++ [item])) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
============================
v' ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
============================
v' ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: tr ++ [] = tr → trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
============================
v' ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
v' ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
v' ∈ equivocating_validators (destination item) ↔ (∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item]))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
v' ∈ equivocating_validators (destination item) → ∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
(∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])) → v' ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
v' ∈ equivocating_validators (destination item) → ∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' ∈ equivocating_validators (destination item)
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' ∈ set_add v (equivocating_validators s)
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' = v ∨ v' ∈ equivocating_validators s
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' = v ∨ v' ∈ equivocating_validators (finite_trace_last is tr)
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Heq_v: v' = v
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' ∈ equivocating_validators (finite_trace_last is tr)
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Heq_v: v' = v
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is (finite_trace_last is tr) tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators (finite_trace_last is tr)))
Hprefix: trace_witnessing_equivocation_prop is tr
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is (finite_trace_last is tr) tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators (finite_trace_last is tr)))
Hprefix: trace_witnessing_equivocation_prop is tr
============================
sender msg = Some v ∧ equivocation_in_trace PreFree msg (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is (finite_trace_last is tr) tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators (finite_trace_last is tr)))
Hprefix: trace_witnessing_equivocation_prop is tr
============================
equivocation_in_trace PreFree msg (tr ++ [item])

repeat split; assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is (finite_trace_last is tr) tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators (finite_trace_last is tr)))
Hprefix: trace_witnessing_equivocation_prop is tr
============================
tr ++ [item] = tr ++ [?Goal2] ∧ input ?Goal2 = Some msg ∧ ¬ trace_has_message (field_selector output) msg tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': v' ∈ equivocating_validators (finite_trace_last is tr)
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
Hv': ∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m tr
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
equivocation_in_trace PreFree m (tr ++ [item])

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
equivocation_in_trace PreFree m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
============================
(∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m (tr ++ [item])) → v' ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m (tr ++ [item])
============================
v' ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr ∨ input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' ∈ equivocating_validators (destination item)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr ∨ input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' ∈ set_add v (equivocating_validators s)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr ∨ input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' = v ∨ v' ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
v' = v ∨ v' ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' = v ∨ v' ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
v' = v ∨ v' ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
v' = v ∨ v' ∈ equivocating_validators (finite_trace_last is tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
v' ∈ equivocating_validators (finite_trace_last is tr)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
∃ m : message, sender m = Some v' ∧ equivocation_in_trace PreFree m tr

split; assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: equivocation_in_trace PreFree m tr
============================
sender m = Some v' ∧ equivocation_in_trace PreFree m tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' = v ∨ v' ∈ equivocating_validators s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' = v

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heqv: input item = Some m ∧ ¬ trace_has_message (field_selector output) m tr
============================
v' = v

congruence.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst': finite_trace_last is tr = s
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
v': validator
Hprefix: trace_witnessing_equivocation_prop is tr
m: message
Hm: sender m = Some v'
Heq_om: input item = Some m
Heqv: ¬ trace_has_message (field_selector output) m tr
============================
v' = v

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' ++ [sitem] = tr ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: (prefix ++ suffix') ++ [sitem] = tr ++ [item]
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr''_item: prefix ++ suffix' = tr ∧ sitem = item
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is prefix

apply (Hprefix _ _ Heq_tr''). Qed.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hprefix: strong_trace_witnessing_equivocation_prop is tr
item: transition_item
msg: message
Hmsg: input item = Some msg
Hwneq: ¬ trace_has_message (field_selector output) msg tr
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))
prefix, suffix, suffix': list transition_item
sitem: transition_item
Heq_tr'': prefix ++ suffix' = tr
Heq_item: sitem = item
Hsuffix_eq: suffix = suffix' ++ [sitem]
============================
trace_witnessing_equivocation_prop is prefix
Proving that any state s has the strong_trace_witnessing_equivocation_property
proceeds via a more technical double induction over both:
(1) the length of a trace witnessing the equivocation of s; and
(2) the size of the set of equivocators of s.
For the induction step we assume that the witnessing trace leading to s is
of the form tr ++ [item]. By Lemma equivocating_validators_witness_last_char
we know that either tr is also a witnessing trace, in which case we can use
the induction hypothesis via property (1), or the set of equivocators for the
last state of tr is strictly included in that of s, allowing us to use
the induction hypothesis via property (2).
The conclusion then follows by the two helper lemmas above.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop PreFree s
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop PreFree s
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hwitness: trace_witnessing_equivocation_prop is tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hlst: finite_trace_last is tr = s
Hwitness: trace_witnessing_equivocation_prop is tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is (finite_trace_last is tr) tr
Hwitness: trace_witnessing_equivocation_prop is tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace PreFree is tr
Hwitness: trace_witnessing_equivocation_prop is tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace PreFree is tr
Hwitness: trace_witnessing_equivocation_prop is tr
n: nat
Heqn: n = length tr
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
is: state
tr: list transition_item
Htr: finite_valid_trace PreFree is tr
Hwitness: trace_witnessing_equivocation_prop is tr
n: nat
Heqn: n = length tr
m: nat
Heqm: m = length (equivocating_validators (finite_trace_last is tr))
============================
∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
============================
∀ (m n : nat) (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
============================
∀ (m n : nat) (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
============================
∀ n m : nat, (∀ p q : nat, p < n → Pr p q) → (∀ p : nat, p < m → Pr n p) → Pr n m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
============================
Pr m n

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr: list transition_item
============================
m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr: list transition_item
Htr_eq: tr = []
============================
m = length (equivocating_validators (finite_trace_last is [])) → n = length [] → finite_valid_trace PreFree is [] → trace_witnessing_equivocation_prop is [] → let s := finite_trace_last is [] in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
item: transition_item
Htr_eq: tr = tr' ++ [item]
============================
m = length (equivocating_validators (finite_trace_last is (tr' ++ [item]))) → n = length (tr' ++ [item]) → finite_valid_trace PreFree is (tr' ++ [item]) → trace_witnessing_equivocation_prop is (tr' ++ [item]) → let s := finite_trace_last is (tr' ++ [item]) in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr: list transition_item
Htr_eq: tr = []
============================
m = length (equivocating_validators (finite_trace_last is [])) → n = length [] → finite_valid_trace PreFree is [] → trace_witnessing_equivocation_prop is [] → let s := finite_trace_last is [] in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
============================
m = length (equivocating_validators (finite_trace_last is [])) → n = length [] → finite_valid_trace PreFree is [] → trace_witnessing_equivocation_prop is [] → let s := finite_trace_last is [] in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
============================
let s := finite_trace_last is [] in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
============================
finite_valid_trace_init_to PreFree is (finite_trace_last is []) [] ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = [] → trace_witnessing_equivocation_prop is prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
============================
finite_valid_trace_init_to PreFree is (finite_trace_last is []) []

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
============================
∀ prefix suffix : list transition_item, prefix ++ suffix = [] → trace_witnessing_equivocation_prop is prefix

apply finite_valid_trace_init_add_last ; [assumption | reflexivity].

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
finite_valid_trace_init_to PreFree is (finite_trace_last is []) []
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
∀ prefix suffix : list transition_item, prefix ++ suffix = [] → trace_witnessing_equivocation_prop is prefix
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
prefix, suffix: list transition_item
Heq_tr: prefix ++ suffix = []
trace_witnessing_equivocation_prop is prefix
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
prefix, suffix: list transition_item
Heq_tr: prefix = [] ∧ suffix = []
trace_witnessing_equivocation_prop is prefix
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
prefix, suffix: list transition_item
H: prefix = []
H0: suffix = []
trace_witnessing_equivocation_prop is prefix
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
trace_witnessing_equivocation_prop is []
apply Htr.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
Htr: finite_valid_trace PreFree is []
composite_initial_state_prop IM is
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
item: transition_item
Htr_eq: tr = tr' ++ [item]
m = length (equivocating_validators (finite_trace_last is (tr' ++ [item]))) → n = length (tr' ++ [item]) → finite_valid_trace PreFree is (tr' ++ [item]) → trace_witnessing_equivocation_prop is (tr' ++ [item]) → let s := finite_trace_last is (tr' ++ [item]) in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
item: transition_item
Htr_eq: tr = tr' ++ [item]
m = length (equivocating_validators (destination item)) → n = length (tr' ++ [item]) → finite_valid_trace PreFree is (tr' ++ [item]) → trace_witnessing_equivocation_prop is (tr' ++ [item]) → let s := destination item in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
item: transition_item
Htr_eq: tr = tr' ++ [item]
Hm: m = length (equivocating_validators (destination item))
Hn: n = length (tr' ++ [item])
Htr'_item: finite_valid_trace PreFree is (tr' ++ [item])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
let s := destination item in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
item: transition_item
Htr_eq: tr = tr' ++ [item]
Hm: m = length (equivocating_validators (destination item))
Hn: n = length (tr' ++ [item])
Htr'_item: finite_valid_trace_init_to PreFree is (destination item) (tr' ++ [item])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
let s := destination item in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : state) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → let s := finite_trace_last is tr in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: state
tr, tr': list transition_item
l: label
om: option message
s': state
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators (destination {| l := l; input := om; destination := s'; output := om' |}))
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is (destination {| l := l; input := om; destination := s'; output := om' |}) (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
let s := destination {| l := l; input := om; destination := s'; output := om' |} in ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
msg: message
Heq_om: om = Some msg
v: validator
Hsender: sender msg = Some v
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr'))) ∧ (∀ (is0 : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr → trace_witnessing_equivocation_prop is0 tr → ¬ trace_has_message (field_selector output) msg tr)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: length tr' < n → Pr m (length tr')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + length [{| l := l; input := om; destination := s'; output := om' |}]
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: length tr' < n → Pr m (length tr')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: length tr' < n → Pr m (length tr')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: Pr m (length tr')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: m = length (equivocating_validators (finite_trace_last is tr')) → length tr' = length tr' → finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: m = length (equivocating_validators (finite_trace_last is tr')) → length tr' = length tr' → finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: m = length (equivocating_validators (finite_trace_last is tr')) → length tr' = length tr' → finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
IHn: m = length (equivocating_validators (finite_trace_last is tr')) → length tr' = length tr' → finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: length tr' = length tr' → finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_from_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
finite_valid_trace PreFree is tr'
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
finite_valid_trace PreFree is tr'
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
finite_valid_trace_from PreFree is tr'
assumption.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from PreFree is tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: finite_valid_trace PreFree is tr' → trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
============================
finite_valid_trace_from PreFree is tr'

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: trace_witnessing_equivocation_prop is tr' → ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
IHn: ∃ (is' : _composite_state IM) (tr'0 : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr'0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr'0 → trace_witnessing_equivocation_prop is' prefix)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_from_to PreFree is' (finite_trace_last is tr') tr''
Hinit': initial_state_prop is'
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr'' → trace_witnessing_equivocation_prop is' prefix
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_from_to PreFree is' (finite_trace_last is tr') tr''
Hinit': initial_state_prop is'
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr'' → trace_witnessing_equivocation_prop is' prefix
Htr''_item: finite_valid_trace_from_to PreFree is' s' (tr'' ++ [{| l := l; input := om; destination := s'; output := om' |}])
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_from_to PreFree is' (finite_trace_last is tr') tr''
Hinit': initial_state_prop is'
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr'' → trace_witnessing_equivocation_prop is' prefix
Htr''_item: finite_valid_trace_from_to PreFree is' s' (tr'' ++ [{| l := l; input := om; destination := s'; output := om' |}])
============================
finite_valid_trace_init_to PreFree is' s' ?Goal0 ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = ?Goal0 → trace_witnessing_equivocation_prop is' prefix)

apply (strong_trace_witnessing_equivocation_prop_extend_eq _ is tr' (conj Htr' Hinit)) ; [split; assumption|assumption..].

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length tr' + 1
Htr': finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr'
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := om; destination := s'; output := om' |}]
Hinit: initial_state_prop is
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Heq: set_eq (equivocating_validators (finite_trace_last is tr')) (equivocating_validators s')
Hwitness': trace_witnessing_equivocation_prop is tr'
Hlen1: length (Equivocation.equivocating_validators s') ≤ length (equivocating_validators (finite_trace_last is tr'))
s:= finite_trace_last is tr': state
Hlen2: length (Equivocation.equivocating_validators s) ≤ length (equivocating_validators s')
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_from_to PreFree is' (finite_trace_last is tr') tr''
Hinit': initial_state_prop is'
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr'' → trace_witnessing_equivocation_prop is' prefix
Htr''_item: finite_valid_trace_from_to PreFree is' s' (tr'' ++ [{| l := l; input := om; destination := s'; output := om' |}])
============================
∀ prefix suffix : list transition_item, prefix ++ suffix = tr'' ++ [{| l := l; input := om; destination := s'; output := om' |}] → trace_witnessing_equivocation_prop is' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
m, n: nat
IHm: ∀ p q : nat, p < m → Pr p q
IHn: ∀ p : nat, p < n → Pr m p
is: _composite_state IM
tr, tr': list transition_item
l: _composite_label IM
om: option message
s': _composite_state IM
om': option message
Htr_eq: tr = tr' ++ [{| l := l; input := om; destination := s'; output := om' |}]
Hm: m = length (equivocating_validators s')
Hn: n = length (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := om; destination := s'; output := om' |}])
msg: message
Heq_om: om = Some msg
v: validator
Hsender: sender msg = Some v
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr'))) ∧ (∀ (is0 : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr → trace_witnessing_equivocation_prop is0 tr → ¬ trace_has_message (field_selector output) msg tr)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr'))) ∧ (∀ (is0 : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr → trace_witnessing_equivocation_prop is0 tr → ¬ trace_has_message (field_selector output) msg tr)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr')))
Hwneq: ∀ (is0 : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr → trace_witnessing_equivocation_prop is0 tr → ¬ trace_has_message (field_selector output) msg tr
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': valid_state_prop PreFree s → ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': valid_state_prop PreFree s → ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
valid_state_prop PreFree s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': valid_state_prop PreFree s → ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
valid_state_prop PreFree s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: valid_state_prop PreFree (finite_trace_last is tr')
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': valid_state_prop PreFree s → ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
valid_state_prop PreFree s

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: valid_state_prop PreFree (finite_trace_last is tr')
v: validator
Hsender: sender msg = Some v
Hwitness': valid_state_prop PreFree (finite_trace_last is tr') → ∃ (is0 : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr ∧ trace_witnessing_equivocation_prop is0 tr
Hwneq: ∀ (is0 : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is0 (finite_trace_last is tr') tr → trace_witnessing_equivocation_prop is0 tr → ¬ trace_has_message (field_selector output) msg tr
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr')))
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
============================
valid_state_prop PreFree (finite_trace_last is tr')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
Hwitness': ∃ (is : state) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr ∧ trace_witnessing_equivocation_prop is tr
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
IHm: ∀ p q : nat, p < length (equivocating_validators s') → Pr p q
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

length (equivocating_validators s) < length (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: Pr (length (equivocating_validators s)) (length tr'')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

length (equivocating_validators s) < length (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

NoDup (set_add v (equivocating_validators s))

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')
Hnodup_v_s: NoDup (set_add v (equivocating_validators s))

length (equivocating_validators s) < length (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

NoDup (set_add v (equivocating_validators s))
apply equivocating_validators_nodup.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')

NoDup (equivocating_validators s)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')
Hnodup_v_s: NoDup (set_add v (equivocating_validators s))

length (equivocating_validators s) < length (equivocating_validators s')
rewrite <- set_add_length in Hlen1; assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) < length (equivocating_validators s') → Pr (length (equivocating_validators s)) (length tr'')
Hnodup_v_s: NoDup (set_add v (equivocating_validators s))
Hlen1: length (set_add v (equivocating_validators s)) ≤ length (equivocating_validators s')

length (equivocating_validators s) < length (equivocating_validators s')

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: Pr (length (equivocating_validators s)) (length tr'')

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) = length (equivocating_validators (finite_trace_last is' tr'')) → length tr'' = length tr'' → finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is'0 : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is'0 (finite_trace_last is' tr'') tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is'0 prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: state
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': state
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) = length (equivocating_validators (finite_trace_last is' tr'')) → length tr'' = length tr'' → finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is'0 : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is'0 (finite_trace_last is' tr'') tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is'0 prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) = length (equivocating_validators (finite_trace_last is' tr'')) → length tr'' = length tr'' → finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is'0 : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is'0 (finite_trace_last is' tr'') tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is'0 prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: length (equivocating_validators s) = length (equivocating_validators s) → length tr'' = length tr'' → finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

finite_valid_trace PreFree is' tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

finite_valid_trace PreFree is' tr''

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace PreFree is' tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: finite_valid_trace PreFree is' tr'' → trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
============================
finite_valid_trace PreFree is' tr''

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: trace_witnessing_equivocation_prop is' tr'' → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
IHm: ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_init_to PreFree is s' (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': initial_state_prop is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': initial_state_prop is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
s: _composite_state IM
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
============================
∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s' tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
============================
finite_valid_trace_init_to PreFree is'' s' ?Goal ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = ?Goal → trace_witnessing_equivocation_prop is'' prefix)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Hwitness''': tr''' ++ [] = tr''' → trace_witnessing_equivocation_prop is'' tr'''

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
Hwneq: ∀ (is : _composite_state IM) (tr : list transition_item), finite_valid_trace_init_to PreFree is s tr → trace_witnessing_equivocation_prop is tr → ¬ trace_has_message (field_selector output) msg tr
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
tr''': list transition_item
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
item: transition_item
Heqitem: item = {| l := l; input := Some msg; destination := s'; output := om' |}
IHn: ∀ p : nat, p < length (tr' ++ [item]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [item]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [item]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [item])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [item] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
item: transition_item
Heqitem: item = {| l := l; input := Some msg; destination := s'; output := om' |}
IHn: ∀ p : nat, p < length (tr' ++ [item]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [item]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [item]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [item])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''
Hextend: input item = Some msg → ¬ trace_has_message (field_selector output) msg tr''' → ∀ v : validator, sender msg = Some v → set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s)) → strong_trace_witnessing_equivocation_prop is'' (tr''' ++ [item])

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [item] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
item: transition_item
Heqitem: item = {| l := l; input := Some msg; destination := s'; output := om' |}
IHn: ∀ p : nat, p < length (tr' ++ [item]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [item]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [item]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [item])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''
Hextend: ¬ trace_has_message (field_selector output) msg tr''' → ∀ v : validator, sender msg = Some v → set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s)) → strong_trace_witnessing_equivocation_prop is'' (tr''' ++ [item])

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [item] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
item: transition_item
Heqitem: item = {| l := l; input := Some msg; destination := s'; output := om' |}
IHn: ∀ p : nat, p < length (tr' ++ [item]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [item]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [item]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [item])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''
Hextend: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s)) → strong_trace_witnessing_equivocation_prop is'' (tr''' ++ [item])

∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' ++ [item] → trace_witnessing_equivocation_prop is'' prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
item: transition_item
Heqitem: item = {| l := l; input := Some msg; destination := s'; output := om' |}
IHn: ∀ p : nat, p < length (tr' ++ [item]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [item])
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [item]
s: _composite_state IM
Hitem: finite_valid_trace_from_to PreFree s s' [item]
v: validator
Hsender: sender msg = Some v
Heqs: s = finite_trace_last is tr'
Hnv: v ∉ equivocating_validators s
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators s))
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr'': finite_valid_trace_init_to PreFree is' s tr''
Htr''_lst: finite_trace_last is' tr'' = s
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' s tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [item])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''
Hextend: set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s)) → strong_trace_witnessing_equivocation_prop is'' (tr''' ++ [item])

set_eq (equivocating_validators (destination item)) (set_add v (equivocating_validators s))

assumption. Qed.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
Pr:= λ m n : nat, ∀ (is : _composite_state IM) (tr : list transition_item), m = length (equivocating_validators (finite_trace_last is tr)) → n = length tr → finite_valid_trace PreFree is tr → trace_witnessing_equivocation_prop is tr → ∃ (is' : _composite_state IM) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' (finite_trace_last is tr) tr' ∧ (∀ prefix suffix : list transition_item, prefix ++ suffix = tr' → trace_witnessing_equivocation_prop is' prefix): nat → nat → Prop
s': _composite_state IM
tr': list transition_item
l: _composite_label IM
om': option message
msg: message
IHn: ∀ p : nat, p < length (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}]) → Pr (length (equivocating_validators s')) p
is: _composite_state IM
Htr'_item: finite_valid_trace_from_to PreFree is (finite_trace_last is tr') tr' ∧ finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
Hwitness: trace_witnessing_equivocation_prop is (tr' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Hitem: finite_valid_trace_from_to PreFree (finite_trace_last is tr') s' [{| l := l; input := Some msg; destination := s'; output := om' |}]
v: validator
Hsender: sender msg = Some v
Hneq: set_eq (equivocating_validators s') (set_add v (equivocating_validators (finite_trace_last is tr')))
Hnv: v ∉ equivocating_validators (finite_trace_last is tr')
tr''': list transition_item
Hwneq: ¬ trace_has_message (field_selector output) msg tr'''
is': _composite_state IM
tr'': list transition_item
Htr''_lst: finite_trace_last is' tr'' = finite_trace_last is tr'
Htr'': finite_valid_trace_init_to PreFree is' (finite_trace_last is tr') tr''
Hwitness': trace_witnessing_equivocation_prop is' tr''
is'': _composite_state IM
Htr''': finite_valid_trace_from_to PreFree is'' (finite_trace_last is tr') tr'''
Hinit': vinitial_state_prop Free is''
Hprefix: ∀ prefix suffix : list transition_item, prefix ++ suffix = tr''' → trace_witnessing_equivocation_prop is'' prefix
Htr'''_item: finite_valid_trace_from_to PreFree is'' s' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])
Hwitness''': trace_witnessing_equivocation_prop is'' tr'''
Hextend: set_eq (equivocating_validators (destination {| l := l; input := Some msg; destination := s'; output := om' |})) (set_add v (equivocating_validators (finite_trace_last is tr'))) → strong_trace_witnessing_equivocation_prop is'' (tr''' ++ [{| l := l; input := Some msg; destination := s'; output := om' |}])set_eq (equivocating_validators (destination {| l := l; input := Some msg; destination := s'; output := om' |})) (set_add v (equivocating_validators (finite_trace_last is tr')))
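A version of Lemma preloaded_has_strong_trace_witnessing_equivocation_prop
guaranteeing that for any valid_state w.r.t. the Free composition there is
a trace ending in that state which is itself valid w.r.t. the Free composition
(not only w.r.t. the composition pre-loaded with all messages, so the messages
received along it are valid messages of the Free composition) and which has the
strong_trace_witnessing_equivocation_property.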
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s
Hpre_s: valid_state_prop (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) s∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s
Hpre_s: ∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to PreFree is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to PreFree is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is tr∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (composite_vlsm IM (free_constraint IM)) is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is tr∃ (is' : state) (tr' : list transition_item), finite_valid_trace_init_to Free is' s tr' ∧ strong_trace_witnessing_equivocation_prop is' tr'split; assumption. Qed. End witnessed_equivocation_properties. End witnessed_equivocation.message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
IM: index → VLSM message
index_listing: list index
finite_index: Listing index_listing
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
validator: Type
ValEqDec: EqDecision validator
A: validator → index
sender: message → option validator
Free:= free_composite_vlsm IM: VLSM message
PreFree:= pre_loaded_with_all_messages_vlsm Free: VLSM message
Hbs_free:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Hbr_free:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
measurable_V: Measurable validator
threshold_V: ReachableThreshold validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)
validator_listing: list validator
finite_validator: Listing validator_listing
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM A sender finite_validator: BasicEquivocation (composite_state IM) validator
equivocating_validators:= Equivocation.equivocating_validators: composite_state IM → list validator
Hke: WitnessedEquivocationCapability
Hsender_safety: sender_safety_alt_prop IM A sender
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (composite_vlsm IM (free_constraint IM)) is s tr
Hwitness: strong_trace_witnessing_equivocation_prop is trfinite_valid_trace_init_to Free is s tr ∧ strong_trace_witnessing_equivocation_prop is tr
Witnessed equivocation and fixed-set equivocation
Section witnessed_equivocation_fixed_set. Context {message : Type} {MsgEqDec : EqDecision message} {index : Type} {IndEqDec : EqDecision index} {index_listing : list index} (finite_index : Listing index_listing) (IM : index -> VLSM message) (Hbs : forall i, HasBeenSentCapability (IM i)) (Hbr : forall i, HasBeenReceivedCapability (IM i)) (Hbo := fun i => HasBeenObservedCapability_from_sent_received (IM i)) (Free := free_composite_vlsm IM) (Free_HasBeenSentCapability : HasBeenSentCapability Free := free_composite_HasBeenSentCapability IM finite_index Hbs) (Free_HasBeenReceivedCapability : HasBeenReceivedCapability Free := free_composite_HasBeenReceivedCapability IM finite_index Hbr) (Free_HasBeenObservedCapability : HasBeenObservedCapability Free := free_composite_HasBeenObservedCapability IM finite_index Hbo) (sender : message -> option index) {measurable_V : Measurable index} {threshold_V : ReachableThreshold index} {is_equivocating_tracewise_no_has_been_sent_dec : RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)} (Htracewise_BasicEquivocation : BasicEquivocation (composite_state IM) index := equivocation_dec_tracewise IM id sender finite_index) (Hke : WitnessedEquivocationCapability IM id sender finite_index) (message_dependencies : message -> set message) (HMsgDep : forall i, MessageDependencies message_dependencies (IM i)) (Hfull : forall i, message_dependencies_full_node_condition_prop message_dependencies (IM i)) (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM) (can_emit_signed : channel_authentication_prop IM id sender) (Hsender_safety : sender_safety_alt_prop IM id sender := channel_authentication_sender_safety IM id sender can_emit_signed) (Free_has_sender := composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM)) . Existing Instance Htracewise_BasicEquivocation. Existing Instance Free_HasBeenSentCapability. 
Existing Instance Free_HasBeenReceivedCapability. Existing Instance Free_HasBeenObservedCapability.
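Since the set of equivocating_validators can be empty, while
the definition of the fixed_equivocation_constraint requires
a non-empty set (to allow the composition of equivocators to exist),
we default the constraint to the composite_no_equivocation one
when there are no equivocating_validators.
Note that the definition below contains no explicit case split on emptiness:
it passes equivocating_validators s directly to fixed_equivocation_constraint,
so the defaulting is presumably handled inside that constraint rather than here;
check its definition before relying on the behaviour for an empty set of equivocators.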
Definition equivocating_validators_fixed_equivocation_constraint (s : composite_state IM) := fixed_equivocation_constraint IM Hbs Hbr (equivocating_validators s).message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
Hm: valid_message_prop Free m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
Hm: valid_message_prop Free m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
Hm: initial_message_prop m ∨ can_emit Free m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
Hiom: can_emit Free m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
Hiom: can_emit (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)))) m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
_v: index
Hiom: can_emit (pre_loaded_with_all_messages_vlsm (IM _v)) m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) mmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
_v: index
Hiom: can_emit (pre_loaded_with_all_messages_vlsm (IM _v)) m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Heq_v: id v = _v
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
_v: index
Hiom: can_emit (pre_loaded_with_all_messages_vlsm (IM _v)) m
v: index
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Heq_v: v = _v
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
============================
∀ m0 : message, m0 ∈ message_dependencies m → composite_has_been_observed IM Hbo s m0

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
============================
∀ m0 : message, m0 ∈ message_dependencies m → composite_has_been_observed IM Hbo s m0

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
dm: message
Hdm: dm ∈ message_dependencies m
============================
composite_has_been_observed IM Hbo s dm

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
i: index
li: vlabel (IM i)
s: composite_state IM
Hv: composite_valid IM (existT i li) (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
dm: message
Hdm: dm ∈ message_dependencies m
============================
composite_has_been_observed IM Hbo s dm

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
i: index
li: vlabel (IM i)
s: composite_state IM
Hv: vvalid (IM i) li (s i, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
dm: message
Hdm: dm ∈ message_dependencies m
============================
composite_has_been_observed IM Hbo s dm

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
i: index
li: vlabel (IM i)
s: composite_state IM
Hv: vvalid (IM i) li (s i, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
dm: message
Hdm: has_been_observed (IM i) (s i) dm
============================
composite_has_been_observed IM Hbo s dm

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
i: index
li: vlabel (IM i)
s: composite_state IM
Hv: vvalid (IM i) li (s i, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: (∀ m0 : message, (λ msg : message, msg ∈ message_dependencies m) m0 → composite_has_been_observed IM Hbo s m0) → ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
dm: message
Hdm: has_been_observed (IM i) (s i) dm
============================
has_been_observed (IM i) (s i) dm

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: ∀ j : sub_index (equivocating_validators sf), VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) j) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) j) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) j)
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v)) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v)) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v))
============================
can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) m

assumption. Qed.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
m: message
v: index
Hiom: can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hsender: sender m = Some v
sf: composite_state IM
Hequivocating_v: v ∈ equivocating_validators sf
l: composite_label IM
s: composite_state IM
Hv: composite_valid IM l (s, Some m)
Hsufficient: ∀ m : message, can_emit (pre_loaded_with_all_messages_vlsm (IM v)) m → can_emit (pre_loaded_vlsm (IM v) (λ msg : message, msg ∈ message_dependencies m)) m
Hproj: VLSM_full_projection (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v)) (λ msg : message, msg ∈ message_dependencies m)) (pre_loaded_vlsm (free_composite_vlsm (sub_IM IM (equivocating_validators sf))) (composite_has_been_observed IM Hbo s)) (lift_to_composite_label (sub_IM IM (equivocating_validators sf)) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v)) (lift_to_composite_state (sub_IM IM (equivocating_validators sf)) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v))
============================
can_emit (pre_loaded_vlsm (sub_IM IM (equivocating_validators sf) (dec_exist (λ v : index, sub_index_prop (equivocating_validators sf) v) v Hequivocating_v)) (λ msg : message, msg ∈ message_dependencies m)) m
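Main result of the section: a finite valid trace of the free composition that has the strong trace-witnessing equivocation property is also a valid trace of the fixed-equivocation composition whose equivocators are the equivocating validators of the trace's final state.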
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
is, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
============================
finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) is s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
is, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
============================
finite_valid_trace_init_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) is s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
is, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) is s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si: state
Hsi: initial_state_prop si
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si []
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators si)) si si []

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si: state
Hsi: initial_state_prop si
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si []
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators si)) si si []

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si: state
Hsi: initial_state_prop si
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si []
============================
valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators si)) si

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si: state
Hsi: initial_state_prop si
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si []
============================
initial_state_prop si

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
prefix: list transition_item
============================
∀ suffix : list transition_item, prefix ++ suffix = tr → trace_witnessing_equivocation_prop IM id sender finite_index si prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
prefix, suffix: list transition_item
H: prefix ++ suffix = tr
============================
trace_witnessing_equivocation_prop IM id sender finite_index si prefix

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
prefix, suffix: list transition_item
H: prefix ++ suffix = tr
============================
prefix ++ suffix ++ [{| l := l; input := iom; destination := sf; output := oom |}] = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]

apply app_assoc.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
prefix, suffix: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s (prefix ++ suffix)
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
IHHtr: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (prefix ++ suffix) → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s (prefix ++ suffix)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si ((prefix ++ suffix) ++ [{| l := l; input := iom; destination := sf; output := oom |}])
============================
prefix ++ suffix ++ [{| l := l; input := iom; destination := sf; output := oom |}] = (prefix ++ suffix) ++ [{| l := l; input := iom; destination := sf; output := oom |}]

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → let s' := destination {| l := l; input := iom; destination := sf; output := oom |} in equivocating_validators s ⊆ equivocating_validators s'
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) ++ [] = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}] → trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: tr ++ [{| l := l; input := iom; destination := sf; output := oom |}] = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}] → trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) → equivocating_validators s ⊆ equivocating_validators sf
============================
trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr → finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
VLSM_incl_part (composite_vlsm_machine IM (fixed_equivocation_constraint IM Hbs Hbr (equivocating_validators s))) (composite_vlsm_machine IM (fixed_equivocation_constraint IM Hbs Hbr (equivocating_validators sf)))

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
============================
equivocating_validators s ⊆ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
IHHtr: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators s)) si s tr
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
============================
finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si sf (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Ht: input_valid_transition (free_composite_vlsm IM) l (s, iom) (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, iom) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) iom
Hv: composite_valid IM l (s, iom)
Ht: transition l (s, iom) = (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, iom) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) iom
Hv: composite_valid IM l (s, iom)
Ht: transition l (s, iom) = (sf, oom)
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, iom) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) iom
Hv: composite_valid IM l (s, iom)
Ht: transition l (s, iom) = (sf, oom)
Heqv: (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}]) ++ [] = tr ++ [{| l := l; input := iom; destination := sf; output := oom |}] → trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, iom) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
iom, oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) iom
Hv: composite_valid IM l (s, iom)
Ht: transition l (s, iom) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := iom; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, iom) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) None
Hv: composite_valid IM l (s, None)
Ht: transition l (s, None) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := None; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, None) (sf, oom)

repeat split ; [assumption| apply option_valid_message_None | assumption..].

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) None
Hv: composite_valid IM l (s, None)
Ht: transition l (s, None) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := None; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, None) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
_Hsender: sender im ≠ None
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
_Hsender: Some v ≠ None
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: trace_witnessing_equivocation_prop IM id sender finite_index si (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators (finite_trace_last si (tr ++ [ {| l := l; input := Some im; destination := sf; output := oom |}])) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators (destination {| l := l; input := Some im; destination := sf; output := oom |}) ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
============================
valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))

valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: valid_state_prop (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) s
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))

valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s

input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im

input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

valid_message_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

fixed_equivocation_constraint IM Hbs Hbr (equivocating_validators sf) l (s, Some im)

apply (composite_observed_valid IM finite_index Hbs Hbo Hbr _ s); assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

valid_message_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

fixed_equivocation_constraint IM Hbs Hbr (equivocating_validators sf) l (s, Some im)

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
c: composite_has_been_observed IM Hbo s im

composite_has_been_observed IM (λ i : index, HasBeenObservedCapability_from_sent_received (IM i)) s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
v ∈ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
v ∈ equivocating_validators sf

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
sender im = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) im (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) im (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}])

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}] = tr ++ [?Goal0] ∧ input ?Goal0 = Some im ∧ ¬ trace_has_message (field_selector output) im tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
input {| l := l; input := Some im; destination := sf; output := oom |} = Some im ∧ ¬ trace_has_message (field_selector output) im tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
============================
¬ trace_has_message (field_selector output) im tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
False

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
composite_has_been_observed IM Hbo s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
composite_has_been_sent IM Hbs s im ∨ composite_has_been_received IM Hbr s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
composite_has_been_sent IM Hbs s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
Hsent_s: has_been_sent_prop Free (has_been_sent Free) s im
============================
composite_has_been_sent IM Hbs s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
Hsent_s: selected_message_exists_in_all_preloaded_traces Free (field_selector output) s im → has_been_sent Free s im
============================
composite_has_been_sent IM Hbs s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
Hsent_s: selected_message_exists_in_all_preloaded_traces Free (field_selector output) s im → has_been_sent Free s im
============================
selected_message_exists_in_all_preloaded_traces Free (field_selector output) s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
selected_message_exists_in_all_preloaded_traces Free (field_selector output) s im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
selected_message_exists_in_some_preloaded_traces Free (field_selector output) s im

assumption.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Him_output: trace_has_message (field_selector output) im tr
============================
trace_has_message (field_selector output) im tr

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
============================
input_valid_transition (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) l (s, Some im) (sf, oom)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
============================
option_valid_message_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (Some im)

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
============================
can_emit (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: (∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m) → VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
============================
can_emit (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: (∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m) → VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
============================
∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
============================
can_emit (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) im

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: (∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m) → VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
============================
∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m

apply no_initial_messages_in_IM.

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: (∀ (i : index) (m : message), i ∈ equivocating_validators sf → ¬ vinitial_message_prop (IM i) m) → VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
i: index
m: message
H: i ∈ equivocating_validators sf
============================
¬ vinitial_message_prop (IM i) m

message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)can_emit (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) immessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)
can_emit (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) im
assumption. Qed.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
si, s: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) si s tr
Hpre_tr: finite_valid_trace_init_to (mk_vlsm (machine (pre_loaded_with_all_messages_vlsm Free))) si s tr
sf: state
im: message
oom: option message
l: label
Hs: valid_state_prop (free_composite_vlsm IM) s
Hiom: option_valid_message_prop (free_composite_vlsm IM) (Some im)
v: index
Hsender: sender im = Some v
Hv: composite_valid IM l (s, Some im)
Ht: transition l (s, Some im) = (sf, oom)
Hincl: equivocating_validators s ⊆ equivocating_validators sf
Htr_sf: finite_valid_trace_from_to (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) si s tr
Hs': valid_state_prop (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) s
Heqv: v ∈ equivocating_validators sf ↔ (∃ m : message, sender m = Some v ∧ equivocation_in_trace (pre_loaded_with_all_messages_vlsm (free_composite_vlsm IM)) m (tr ++ [{| l := l; input := Some im; destination := sf; output := oom |}]))
Hpre_s: valid_state_prop (pre_loaded_with_all_messages_vlsm Free) s
n: ¬ composite_has_been_observed IM Hbo s im
Hequivocating_v: v ∈ equivocating_validators sf
Hemit_im: can_emit (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s) im
Hproj: VLSM_weak_full_projection (equivocators_composition_for_sent IM Hbs (equivocating_validators sf) s) (fixed_equivocation_vlsm_composition IM Hbs Hbr (equivocating_validators sf)) (lift_sub_label IM (equivocating_validators sf)) (lift_sub_state_to IM (equivocating_validators sf) s)can_emit (mk_vlsm (machine (equivocators_composition_for_observed IM Hbs Hbr (equivocating_validators sf) s))) im
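As a corollary of the above, every valid state of the free composition is
also a valid state of the composition constrained by the
equivocating_validators_fixed_equivocation_constraint induced by that same state.
The result is stated within this section's context, which assumes channel
authentication (channel_authentication_prop), the absence of initial messages
(no_initial_messages_in_IM_prop), the full-node condition on message
dependencies (message_dependencies_full_node_condition_prop), and the
WitnessedEquivocationCapability.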
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None∀ s : state, valid_state_prop Free s → valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None∀ s : state, valid_state_prop Free s → valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free svalid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is trvalid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is trfinite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s tr → valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is trfinite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s trmessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is trfinite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s tr → valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
Htr': finite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s tr
valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) s
assumption.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
Htr': valid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) svalid_state_prop (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) smessage: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s: state
Hs: valid_state_prop Free s
is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is tr
finite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s tr
apply strong_witness_has_fixed_equivocation; assumption. Qed. End witnessed_equivocation_fixed_set.
message: Type
MsgEqDec: EqDecision message
index: Type
IndEqDec: EqDecision index
index_listing: list index
finite_index: Listing index_listing
IM: index → VLSM message
Hbs: ∀ i : index, HasBeenSentCapability (IM i)
Hbr: ∀ i : index, HasBeenReceivedCapability (IM i)
Hbo:= λ i : index, HasBeenObservedCapability_from_sent_received (IM i): ∀ i : index, HasBeenObservedCapability (IM i)
Free:= free_composite_vlsm IM: VLSM message
Free_HasBeenSentCapability:= free_composite_HasBeenSentCapability IM finite_index Hbs: HasBeenSentCapability Free
Free_HasBeenReceivedCapability:= free_composite_HasBeenReceivedCapability IM finite_index Hbr: HasBeenReceivedCapability Free
Free_HasBeenObservedCapability:= free_composite_HasBeenObservedCapability IM finite_index Hbo: HasBeenObservedCapability Free
sender: message → option index
measurable_V: Measurable index
threshold_V: ReachableThreshold index
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision (is_equivocating_tracewise_no_has_been_sent IM id sender)
Htracewise_BasicEquivocation:= equivocation_dec_tracewise IM id sender finite_index: BasicEquivocation (composite_state IM) index
Hke: WitnessedEquivocationCapability IM id sender finite_index
message_dependencies: message → set message
HMsgDep: ∀ i : index, MessageDependencies message_dependencies (IM i)
Hfull: ∀ i : index, message_dependencies_full_node_condition_prop message_dependencies (IM i)
no_initial_messages_in_IM: no_initial_messages_in_IM_prop IM
can_emit_signed: channel_authentication_prop IM id sender
Hsender_safety:= channel_authentication_sender_safety IM id sender can_emit_signed: sender_safety_alt_prop IM id sender
Free_has_sender:= composite_no_initial_valid_messages_have_sender IM id sender can_emit_signed no_initial_messages_in_IM (free_constraint IM): ∀ m : message, valid_message_prop (composite_vlsm IM (free_constraint IM)) m → sender m ≠ None
s, is: state
tr: list transition_item
Htr: finite_valid_trace_init_to (free_composite_vlsm IM) is s tr
Heqv: strong_trace_witnessing_equivocation_prop IM id sender finite_index is trfinite_valid_trace_from_to (composite_vlsm IM (equivocating_validators_fixed_equivocation_constraint s)) is s tr